PT-2024-4253 · Synology · Synology Surveillance Station

Team.Envy · Published 2024-03-27 · Updated 2025-08-12 · CVE-2024-29241

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Synology Surveillance Station versions prior to 9.2.0-9289
Synology Surveillance Station versions prior to 9.2.0-11289

Description

A missing authorization vulnerability in the System webapi component of Synology Surveillance Station allows remote authenticated users to bypass security constraints via unspecified vectors, potentially allowing them to elevate their privileges.

Recommendations

For Synology Surveillance Station versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later.
For Synology Surveillance Station versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later.
As a temporary workaround, consider restricting access to the System webapi component until a patch is available.

Fix

Weakness Enumeration

Incorrect Authorization
Missing Authorization
Improper Authorization

Related Identifiers

BDU:2024-04740
CVE-2024-29241

Affected Products

Synology Surveillance Station